Merith-TK ba547a2130
lets test and push
2025-07-04 02:34:05 +01:00

TAK Server Docker Setup

This directory contains a unified Docker configuration for running TAK Server components.

Prerequisites

You must have the official TAK Server Docker release archive. The archive should be in ZIP format and contain both docker and tak folders.

Setup Instructions

  1. Build the Docker Image:

    docker build -t takserver .
    
  2. Run TAK Server:

    docker run -d --name takserver \
      -e TAK_MODE=server \
      -v /path/to/your/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
      takserver
    
  3. Run TAK Database:

    docker run -d --name takserver-db \
      -e TAK_MODE=database \
      -v /path/to/your/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
      takserver
    
  4. Alternative: Mount the archive directory (for automatic latest version detection):

    # Mount the directory containing TAK archives
    docker run -d --name takserver \
      -e TAK_MODE=server \
      -v /path/to/tak-archives-directory:/tak-archive:ro \
      takserver
    

How It Works

  • Unified Image: One Docker image serves both TAK Server and Database functions
  • Mode Selection: Use the TAK_MODE environment variable to choose between server (default) or database
  • Runtime Extraction: The container checks for and extracts the TAK archive on startup
  • Automatic Version Detection: If you mount a directory, the container will automatically find and use the latest TAK archive
  • Flexibility: The same image can be used with different TAK archive versions
  • Persistence: Once extracted, the TAK files persist in the container until it's removed
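
The startup scripts come out of whichever archive the version detection picks, so it is worth checking that archive against a known digest before extracting it. The sketch below is an added example, not the repository's entrypoint.sh; the function names, the takserver-docker-*.zip naming pattern and the operator-supplied SHA-256 pin are assumptions.

```shell
#!/bin/sh
# Added example, not the repository's entrypoint.sh. Assumes archives are named
# takserver-docker-<version>.zip and that the operator supplies a SHA-256 pin.

# Print the highest-versioned archive in directory $1; status 1 if none exists.
latest_tak_archive() (
  newest=$(for f in "$1"/takserver-docker-*.zip; do
             [ -f "$f" ] && basename "$f"
           done | sort -V | tail -n 1)   # version sort: 5.10 > 5.4, -19 > -2
  [ -n "$newest" ] && printf '%s/%s\n' "$1" "$newest"
)

# Status 0 only if file $1 hashes to pin $2; status 2 for a missing/malformed pin.
verify_tak_archive() (
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  case $expected in ''|*[!0-9a-f]*) exit 2 ;; esac
  [ "${#expected}" -eq 64 ] || exit 2
  actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
  [ "$actual" = "$expected" ]
)

# Print the newest archive in $1 only if it matches pin $2; otherwise fail closed.
select_verified_archive() (
  archive=$(latest_tak_archive "$1") || { echo "no TAK archive in $1" >&2; exit 1; }
  verify_tak_archive "$archive" "$2" || {
    echo "refusing $archive: SHA-256 does not match the pin" >&2; exit 1; }
  printf '%s\n' "$archive"
)

# Constructed demo: three placeholder files stand in for real release archives.
demo() (
  dir=$(mktemp -d) || exit 1
  printf 'old' > "$dir/takserver-docker-5.4-RELEASE-2.zip"
  printf 'mid' > "$dir/takserver-docker-5.4-RELEASE-19.zip"
  printf 'abc' > "$dir/takserver-docker-5.10-RELEASE-1.zip"
  # SHA-256 of the three bytes "abc", standing in for a vendor-published digest.
  pin=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
  status=0
  result=$(select_verified_archive "$dir" "$pin") || status=$?
  rm -rf "$dir"
  [ "$status" -eq 0 ] && basename "$result"
)

demo
```

A plain lexical sort would rank 5.4-RELEASE-2 above 5.4-RELEASE-19 and 5.4 above 5.10, which is why the selection uses sort -V.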

File Structure Expected

Your TAK Server archive should have this structure:

takserver-docker-5.4-RELEASE-19.zip
├── docker/           # Docker-related files (not used)
└── tak/              # TAK Server files (this is what gets copied)
    ├── configureInDocker.sh
    ├── db-utils/
    │   └── configureInDocker.sh
    └── ... (other TAK files)

Environment Variables

  • TAK_MODE: Set to server (default) or database to determine the container's function
  • TAK_ARCHIVE_PATH: Override the default TAK archive path (default: /tak-archive/takserver-docker-5.4-RELEASE-19.zip)

Usage Notes

  • The TAK archive is mounted as read-only (ro) to prevent accidental modifications
  • Server Mode: Starts automatically with the configureInDocker.sh init command
  • Database Mode: Starts with the database configuration script
  • Logs will be written to /opt/tak/logs/takserver.log in server mode
  • The container will extract the TAK archive on first run and reuse the extracted files on subsequent runs

Data Persistence

To persist data across container restarts and updates, you should mount the following directories:

TAK Server Data Volumes:

  • /opt/tak/logs - TAK Server logs
  • /opt/tak/certs - SSL certificates and keys
  • /opt/tak/conf - Configuration files
  • /opt/tak/db-utils/pg_hba.conf - PostgreSQL authentication configuration

Database Data Volumes (when using TAK_MODE=database):

  • /var/lib/postgresql/data - PostgreSQL database files
  • /opt/tak/db-utils/logs - Database utility logs

Example with Data Persistence:

# TAK Server with persistent data
docker run -d --name takserver \
  -e TAK_MODE=server \
  -v /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
  -v takserver-logs:/opt/tak/logs \
  -v takserver-certs:/opt/tak/certs \
  -v takserver-config:/opt/tak/conf \
  takserver

# TAK Database with persistent data
docker run -d --name takserver-db \
  -e TAK_MODE=database \
  -v /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
  -v takserver-db-data:/var/lib/postgresql/data \
  -v takserver-db-logs:/opt/tak/db-utils/logs \
  takserver

Docker Compose Example

version: '3.8'
services:
  takserver-db:
    image: takserver
    environment:
      - TAK_MODE=database
    volumes:
      - /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro
      - takserver-db-data:/var/lib/postgresql/data
      - takserver-db-logs:/opt/tak/db-utils/logs
    container_name: takserver-db

  takserver:
    image: takserver
    environment:
      - TAK_MODE=server
    volumes:
      - /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro
      - takserver-logs:/opt/tak/logs
      - takserver-certs:/opt/tak/certs
      - takserver-config:/opt/tak/conf
    container_name: takserver
    depends_on:
      - takserver-db

volumes:
  takserver-db-data:
  takserver-db-logs:
  takserver-logs:
  takserver-certs:
  takserver-config:

Reverse Proxy with Custom SSL Certificate

You can use a reverse proxy (like Nginx, Traefik, or Caddy) to terminate SSL with your own certificate instead of using TAK Server's built-in SSL. This is recommended for production deployments.

Benefits:

  • Use your own SSL certificates (Let's Encrypt, corporate CA, etc.)
  • Centralized certificate management
  • Better security practices
  • Easier certificate renewal

Basic Nginx Configuration Example:

upstream takserver {
    server takserver:8443;
}

server {
    listen 443 ssl http2;
    server_name your-domain.com;
    
    ssl_certificate /path/to/your/cert.pem;
    ssl_certificate_key /path/to/your/private.key;
    
    # SSL security settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    
    # Proxy to TAK Server
    location / {
        proxy_pass https://takserver;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # Important for WebSocket connections
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
        # SSL verification settings for upstream
        proxy_ssl_verify off;
        proxy_ssl_session_reuse on;
    }
}

Docker Compose with Nginx Reverse Proxy:

version: '3.8'

services:
  # ... your existing takserver and takserver-db services ...

  nginx:
    image: nginx:alpine
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - /path/to/your/ssl-certs:/etc/nginx/ssl:ro
    depends_on:
      - takserver
    networks:
      - takserver-network

Configuration Notes:

  1. Remove External Port Mapping: When using a reverse proxy, remove the port mappings from the takserver service in docker-compose.yml since the proxy will handle external access.

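  2. Internal Communication: TAK Server will still use its internal SSL certificate for communication between the reverse proxy and the container. Note that the Nginx example above sets proxy_ssl_verify off, so Nginx encrypts this hop but does not validate the certificate TAK Server presents.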

  3. Certificate Management: Your reverse proxy handles the public-facing SSL certificate, while TAK Server's internal certificate is only used for proxy-to-container communication.

  4. WebSocket Support: Ensure your reverse proxy configuration supports WebSocket upgrades for real-time features.

  5. Security Headers: Consider adding security headers in your reverse proxy configuration for enhanced security.

Alternative: Traefik with Automatic Let's Encrypt

For automatic SSL certificate management, consider using Traefik:

# Add labels to your takserver service
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.takserver.rule=Host(`your-domain.com`)"
  - "traefik.http.routers.takserver.tls.certresolver=letsencrypt"
  - "traefik.http.services.takserver.loadbalancer.server.port=8443"
  - "traefik.http.services.takserver.loadbalancer.server.scheme=https"